09‏/02‏/2017

أوامر الشبكات Network Commands

أوامر الشبكات Network Commands

العديد من أوامر الشبكات المهمة

Useful Network commands

VNStat

One of the best network commands. vnStat works on Linux and BSD OS to monitor network traffic from the console. It logs network traffic for any interface it is configured to monitor. Since this information is coming from the kernel, rather than packets sniffing, it doesn’t put a strain on your network resources, and doesn’t need root permissions.

VnStat is packed with useful features so, after a quick and easy installation you’re ready to start monitoring multiple interfaces simultaneously. Don’t worry about losing information in case of a reboot, vnStat stores all the statistics you’ve gathered, even through reboots. It can be configured to provide information on your bandwidth usage for the periods you want to monitor, hourly, daily or monthly, or from billing day to billing day, in case your provider bills you on the 23rd, the 24th or whenever.

The information it compiles can be shown graphically or as a command line, and can even be customized with color fonts.

Ping (Unix/Windows)

This is your most basic network command. It goes way back to the 1970’s. It’s useful for quite a few things, and it’s really not quite as simple as people think. It’s based on ICMP protocol and allows us to determine whether there’s a connection between our device and a network. It’s also used to check the “speed” or latency time for said network connection. It’s a command that exists on all OSs that support TCP/IP and it’s one of those basics you should know.

It has tens of parameters and one of the most useful ones for monitoring purposes is the “number of packets to send”. Since it’s really not strange to find a network that launches the first packets, it’s usually a good idea to send back at least three packets and check that at least one reaches its destination, before discarding a connection. For this we use the parameter ‘-c’. This same technique can be applied to get the packet-loss percentage on our network, by sending 10 packets and checking if any are lost.You would be surprised (or maybe not) to see how many packets are usually lost on a network. This interesting tool comes pre-integrated on Pandora FMS, both for determining connectivity, latency times and packet loss.

Execution: ping device name/IP

<23>Traceroute (Unix/Windows)

We just love this command in particular. Its main objective is to map the route that a packet takes as it traverses our network. This network command will let us know where a packet goes through (devices, switches, routers) and check that our network functions correctly. In case of trouble, it allows us to form an idea as to where the problem is. Pandora uses this on its network mapping tool (Recon Server) and, thanks to that and other advanced tools, can “draw” a network hierarchy.

Execution:

traceroute –n (on Unix / Linux)

tracert –d (on Windows)

Arp (Unix/Windows)

Useful for monitoring and visualizing the ARP chart, which picks up the mapping between the IP and MAC addresses. It’s quite low level since it can only see the connections corresponding to our Local Area Network segment (LAN), but it can be used to find out what devices are connected directly to our host or which devices we’re connected to. It’s a diagnostics tool, and sometimes it can be interesting to monitor to discard ARP Poisoning attacks, which is one of the most common ways of ID replacement on LANs.

With Pandora FMS, a normal integration consists of verifying that the IP and MAC correspondence on hosts stays the same. If it changes suddenly, it indicates that a host on the network is passing itself off as another.

Execution:

arp -a

Curl and wget (Unix/ Windows)

One of the most useful network commands. Necessary command for HTTP, HTTPS or FTP requests to remote servers. They allow downloading files or entire webpages, even in resource mode, which allows us to make a literal “copy” of a website including its image content. They support cookies and allow sending POST queries, apart from being able to simulate an user agent, use an HTTP proxy or even a SOCKS4/5 proxy.

One of the most used features when integrating with Pandora is verifying a specific webpage’s content. Since wget/curl allow us to download the entire contents from a site, it’s easy to compare the MD5 from that content with a previously verified value. If it changes, then it means the site has been tampered with. Using this feature makes it easy to verify if a website has been altered.

Netstat (Unix/Windows)

Network command which identifies all TCP and UDP connections which are open on a device. Besides letting us know of any open connections on a device we can also obtain the following information:

Route chart, to know our network interfaces and their exits or entrances.

Ethernet statistics that show us outgoing/incoming packets and errors ocurred.

Know the ID of the process which is using the connection.

Netstat is another one of those basic network commands (like PING) that are useful for a lot of elementary tasks. Some of the things that default Pandora agents use to obtain system information are traffic statistics, number of open connections and, more importantly, the number of connections pending for closure or under establishment process. An unusual growth in these metrics can mean serious trouble, both because of internal performance issues on the server, or an external attack.

Whois (Unix/ Windows)

A network command used to consult domain data, like the domain owner, its expiry time, configured registries, contact data, etc. Recommendable to use when contacting domain administrators or for servicing migration instances, such as email or webpage migrations.

SSH (Unix/Linux/Windows)

Command for safely executing terminals on remote machines. SSH allows any user to run a console logging in to the system with a username and password, being able to execute the same commands as if it were local.

To allow a remote device to connect to our server via SSH we have to install and configure an SSH server such as FreeSSHD.

SSH allows remote command execution and bilateral file copying, apart from obtaining a remote interactive Shell. We shouldn’t forget that SSH is the “natural” replacement for classic tools such as Telnet or FTP, and, with the passing of time, has become a basic tool in system administration. Despite its power and complex symmetrical cyphering combinations and verification and authentication protocols, it’s targeted constantly by attacks. Therefore, it’s convenient to secure it properly.

Pandora FMS uses SSH for various tools, the most common of these being the possibility to execute remote commands. For security reasons we need the user to establish an authentication protocol based on certificates, which allows remotely executed connections to the device, without the need for a password. It’s a convenience, but somewhat difficult to implement which is why the Enterprise edition allows our satellite server to perform multiple remote connections to different hosts in a more optimized and comfortable way. This allows us to perform hundreds of checks per second.

TCPDump (Unix/Linux/Windows)

This is yet another “basic” tool. A sniffer. It’s an advanced command to inspect traffic on the different interfaces of a device and give the volume of interchanged packets. The output can be dumped onto a file for further analysis with more powerful sniffers or with those that have a graphic interface such as Wireshark. For Windows systems WinDump has to be used. If used properly, it’s the definitive tool for system administrators, network administrators or programmers. Obviously, it has dozens of arguments in its favor.

TCPDump should be one of your main network commands. Enjoy!

Ngrep (Unix/Linux/Windows)

This takes the potency of the ‘grep’ command to the Net. It’s basically a tcpdump with text subchain filters in real time. It’s an HTTP, SMTP, DNS and other protocol communication packets filter. It has a very powerful filtering system over regular expressions and it’s usually used to process files generated by tcpdump, Wireshark, etc.

NMAP (Unix/Windows)

NMAP is considered the forefather for general network scanners. Even though nowaday there are more trustworthy tools available for some taskes (i.e. Fping) NMAP is still a very versatile tool for network scanning. It’s useful both for determining which hosts are alive on a network and for performing scans in very diverse modes.

Netcat (Windows/Unix)

Netcat, or ‘nc’ is the most versatile and light tool around right now. Nevertheless, its use requires a little more imagination. Only if you’ve messed around with scripting will you understand the subtlety of its name: Net Cat. It’s a tool thought out to be used as a redirect destination (a pipe o |). It’s useful for sending or receiving information from a connection. For example, a Web query to a service would be something as simple as:

Lsof (Unix/Windows)

Lsof is not only used as a network tool. It’s a tool that’s useful for identifying which files a process is using or keeping open. In the case of Unix environments, a file is also a network connection, so it’s useful to know which ports are open during a specific running process, something which can prove to be extremely useful in some cases.

It can also be used to know how many files a single process has open. It doesn’t have anything to do with the network, but we’re sure it’ll be useful for you anyway. Lsof is one of those tools you should know about.

IPtraf (Linux)

A specialized network command which obtains traffic statistics. It has an ncurses interface (text) to analyze the traffic that goes through an interface in real time. Very useful if you see anomalies on your device and you need to see and inspect the traffic coming through it.